Can I use extended resource rules when writing CA-ACF2 DB2 rules? We are new with the CA-ACF2 DB2 product and have just installed CA-ACF2 DB2 1.3.
Extended resource rule support is part of the CA-ACF2 DB2 rule writing process. You can either write the DB2 rule key with the full resource name or write the rule key with the first index of the resource name. The following examples show how to write CA-ACF2 DB2 rules:
ACF
set c(db2) sysid(xxxx) type(TBL)
Note: "xxxx" is the DB2 subsystem (1 - 4 characters), and "type" identifies the 3 character code associated with the DB2 resource.
The following TBL rule uses the full TBL name in the $KEY option:
$KEY(tablename.V***********************) TYPE(TBL) SYSID(xxxx)
 UID(uid of user1) SERVICE(DELETE,INSERT,SELECT,UPDATE) ALLOW
 UID(uid of user2) SERVICE(DELETE,INSERT,SELECT,UPDATE) ALLOW
 UID(uid of user3) SERVICE(SELECT) ALLOW
 UID(uid of user4) SERVICE(DELETE,INSERT,SELECT,UPDATE) ALLOW
You can also write the above TBL rule by using the extended rule process:
$KEY(tablename) TYPE(TBL) SYSID(xxxx)
 V- UID(uid of user1) SERVICE(DELETE,INSERT,SELECT,UPDATE) ALLOW
 V- UID(uid of user2) SERVICE(DELETE,INSERT,SELECT,UPDATE) ALLOW
 V- UID(uid of user3) SERVICE(SELECT) ALLOW
 V- UID(uid of user4) SERVICE(DELETE,INSERT,SELECT,UPDATE) ALLOW
The Writing Rules chapter of the CA-ACF2 DB2 Administration Guide documents CA-ACF2 DB2 rule writing in detail. The Maintaining Resource Rules chapter of the CA-ACF2 Administration Guide contains additional information about extended resource rules.